CVE-2026-53981
HIGH NVDCVSS Score
7.6
Severity
HIGH
Source
NVD
Published
Jun 12, 2026
Description
Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email address without re-authentication such as password or MFA verification. Attackers can redirect verification to an attacker-controlled email address and subsequently perform a password reset to permanently take over the victim's account.